From 71de7369596cb9946cab47e3f7ed31bf35f68c53 Mon Sep 17 00:00:00 2001
From: Chris Cochrun
Date: Sat, 17 May 2025 22:29:55 -0500
Subject: [PATCH] adding keycloak
---
 modules/keycloak.nix | 29 +++++++++++++++++++++++++++++
 modules/nextcloud.nix | 6 +++++-
 system/shen/configuration.nix | 1 +
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 modules/keycloak.nix
diff --git a/modules/keycloak.nix b/modules/keycloak.nix
new file mode 100644
index 0000000..26ddc73
--- /dev/null
+++ b/modules/keycloak.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, unstable, ... }:
+
+let
+ dn = "auth.tfcconnection.org";
+in
+with lib;
+{
+ services = {
+ keycloak = {
+ enable = true;
+ initialAdminPassword = "clang";
+ settings = {
+ hostname = dn;
+ http-port = 8787;
+ https-port = 8788;
+ proxy = "passthrough";
+ };
+ };
+ nginx.virtualHosts.${dn} = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index 6191771..e80314a 100644
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -26,7 +26,7 @@ with lib;
 extraApps = with config.services.nextcloud.package.packages.apps; {
 # List of apps we want to install and are already packaged in
 # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
- inherit calendar contacts collectives recognize deck integration_openai mail groupfolders memories tasks app_api previewgenerator richdocuments;
+ inherit calendar contacts collectives recognize deck integration_openai mail groupfolders memories user_oidc tasks app_api previewgenerator richdocuments;
 # Custom app example.
 # socialsharing_telegram = pkgs.fetchNextcloudApp rec {
 # url =
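Review bot: In modules/keycloak.nix, `initialAdminPassword = "clang";` commits a guessable bootstrap admin password to git for an instance the same file publishes at auth.tfcconnection.org, and a literal in a Nix expression also ends up in the world-readable Nix store. Rotate it in the admin console right after first start and mark the line accordingly, e.g. `# bootstrap only; rotated after first login, do not reuse`. Separately, `proxy = "passthrough"` does not match the nginx block below it: nginx terminates TLS and forwards plain HTTP to `http-port`, which corresponds to Keycloak's edge mode, so `proxy = "edge";` (or `proxy-headers = "xforwarded"` with `http-enabled = true` on current Keycloak releases) is likely what is intended, otherwise forwarded client addresses are probably not honoured in logs and brute-force detection. Nothing in the hunk binds the listener to loopback, so unless the firewall closes 8787/8788 the HTTP port may be reachable without going through nginx; `http-host = "127.0.0.1";` would pin it.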
@@ -62,6 +62,10 @@ with lib;
 "OC\Preview\TXT"
 "OC\Preview\XBitmap"
 ];
+ user_oidc = {
+ auto_provision = true;
+ soft_auto_provision = true;
+ };
 };
 config = {
 dbtype = "pgsql";
diff --git a/system/shen/configuration.nix b/system/shen/configuration.nix
index 7e5978f..d02caec 100644
--- a/system/shen/configuration.nix
+++ b/system/shen/configuration.nix
@@ -21,6 +21,7 @@ in
 ../../modules/vaultwarden.nix
 # ../../modules/nocodb.nix
 ../../modules/grist.nix
+ ../../modules/keycloak.nix
 # ../../modules/comfyui.nix
 # ../../pkgs/server.nix
 # ../../pkgs/nextcloud.nix
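Review bot: In modules/nextcloud.nix, `soft_auto_provision = true;` combined with `auto_provision = true;` lets user_oidc attach an incoming OIDC login to an account that already exists in another backend when the mapped user id matches, so ownership of existing Nextcloud accounts then depends on what the new Keycloak realm accepts as a user id. Whether ids can collide depends on the provider's uid mapping, which is not visible here; if it uses a user-chosen attribute and the realm allows self-registration or username edits, a login could presumably land in an existing local account, including an admin. Unless existing accounts are deliberately being migrated, `soft_auto_provision = false;` is the safer setting; otherwise document the precondition next to it, e.g. `# requires realm with registration off and immutable usernames`. The enclosing settings attribute set starts and ends outside this hunk.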